authorAlex Pott2013-09-28 14:55:09 (GMT)
committerAlex Pott2013-09-28 14:55:09 (GMT)
commit820205f13fe749b446a7cd77261afc0ae0c5dc60 (patch)
tree181338d62fbd70640bca0a79558e1dd397dae32d
parentbd5e04943a1616ac9145a729ef72d8cce6fbcdd2 (diff)
Issue #1327224 by Berdir, ryanissamson, johnv, chris.leversuch, edb, nyirocsaba: Fixed Access denied to taxonomy term image.
-rw-r--r--core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TaxonomyImageTest.php102
-rw-r--r--core/modules/taxonomy/taxonomy.module10
2 files changed, 112 insertions, 0 deletions
diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TaxonomyImageTest.php b/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TaxonomyImageTest.php
new file mode 100644
index 0000000..db00705
--- /dev/null
+++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TaxonomyImageTest.php
@@ -0,0 +1,102 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\taxonomy\Tests\TaxonomyImageTest.
+ */
+
+namespace Drupal\taxonomy\Tests;
+
+/**
+ * Provides helper methods for taxonomy terms with image fields.
+ */
+class TaxonomyImageTest extends TaxonomyTestBase {
+
+ /**
+ * Used taxonomy vocabulary.
+ *
+ * @var \Drupal\taxonomy\VocabularyInterface
+ */
+ protected $vocabulary;
+
+ /**
+ * Modules to enable.
+ *
+ * @var array
+ */
+ public static $modules = array('image');
+
+ public static function getInfo() {
+ return array(
+ 'name' => 'Taxonomy Image Test',
+ 'description' => 'Tests access checks of private image fields',
+ 'group' => 'Taxonomy',
+ );
+ }
+
+ public function setUp() {
+ parent::setUp();
+
+ // Remove access content permission from registered users.
+ user_role_revoke_permissions(DRUPAL_AUTHENTICATED_RID, array('access content'));
+
+ $this->vocabulary = $this->createVocabulary();
+ // Add a field instance to the vocabulary.
+ $entity_type = 'taxonomy_term';
+ $name = 'field_test';
+ entity_create('field_entity', array(
+ 'name' => $name,
+ 'entity_type' => $entity_type,
+ 'type' => 'image',
+ 'settings' => array(
+ 'uri_scheme' => 'private',
+ ),
+ ))->save();
+ entity_create('field_instance', array(
+ 'field_name' => $name,
+ 'entity_type' => $entity_type,
+ 'bundle' => $this->vocabulary->id(),
+ 'settings' => array(),
+ ))->save();
+ entity_get_display($entity_type, $this->vocabulary->id(), 'default')
+ ->setComponent($name, array(
+ 'type' => 'image',
+ 'settings' => array(),
+ ))
+ ->save();
+ entity_get_form_display($entity_type, $this->vocabulary->id(), 'default')
+ ->setComponent($name, array(
+ 'type' => 'image_image',
+ 'settings' => array(),
+ ))
+ ->save();
+ }
+
+ public function testTaxonomyImageAccess() {
+ $user = $this->drupalCreateUser(array('administer site configuration', 'administer taxonomy', 'access user profiles'));
+ $this->drupalLogin($user);
+
+ // Create a term and upload the image.
+ $files = $this->drupalGetTestFiles('image');
+ $image = array_pop($files);
+ $edit['name'] = $this->randomName();
+ $edit['files[field_test_0]'] = drupal_realpath($image->uri);
+ $this->drupalPostForm('admin/structure/taxonomy/manage/' . $this->vocabulary->id() . '/add', $edit, t('Save'));
+ $terms = entity_load_multiple_by_properties('taxonomy_term', array('name' => $edit['name']));
+ $term = reset($terms);
+ $this->assertText(t('Created new term @name.', array('@name' => $term->label())));
+
+ // Create a user that should have access to the file and one that doesn't.
+ $access_user = $this->drupalCreateUser(array('access content'));
+ $no_access_user = $this->drupalCreateUser();
+ $image = file_load($term->field_test->target_id);
+ $this->drupalLogin($access_user);
+ $this->drupalGet(file_create_url($image->getFileUri()));
+ $this->assertResponse(200, 'Private image on term is accessible with right permission');
+
+ $this->drupalLogin($no_access_user);
+ $this->drupalGet(file_create_url($image->getFileUri()));
+ $this->assertResponse(403, 'Private image on term not accessible without right permission');
+ }
+
+}
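Review bot: In testTaxonomyImageAccess(), the result of `$image = file_load($term->field_test->target_id);` is used without checking that the form submission attached a file to the term. If the upload did not store, the later `$image->getFileUri()` calls fail on a non-object instead of producing a readable assertion failure. Add `$this->assertTrue($image, 'Image file attached to the term was loaded.');` directly after the load. To confirm that the 200 and 403 checks exercise the private download path rather than a public URL, also add `$this->assertEqual(file_uri_scheme($image->getFileUri()), 'private', 'Image is stored in the private file system.');`. The class docblock says "Provides helper methods" although this is a concrete test case, so it should describe the access test instead.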
diff --git a/core/modules/taxonomy/taxonomy.module b/core/modules/taxonomy/taxonomy.module
index 6c996ac..4f9cec1 100644
--- a/core/modules/taxonomy/taxonomy.module
+++ b/core/modules/taxonomy/taxonomy.module
@@ -8,6 +8,7 @@
use Drupal\Core\Entity\DatabaseStorageController;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\Field\FieldDefinitionInterface;
+use Drupal\file\FileInterface;
use Drupal\node\Entity\Node;
use Drupal\taxonomy\Entity\Term;
use Drupal\taxonomy\Entity\Vocabulary;
@@ -829,6 +830,15 @@ function taxonomy_term_load($tid) {
}
/**
+ * Implements hook_file_download_access().
+ */
+function taxonomy_file_download_access($field, EntityInterface $entity, FileInterface $file) {
+ if ($entity->entityType() == 'taxonomy_term') {
+ return $entity->access('view');
+ }
+}
+
+/**
* Implodes a list of tags of a certain vocabulary into a string.
*
* @see drupal_explode_tags()
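Review bot: taxonomy_file_download_access() falls off the end without a return value when `$entity` is not a taxonomy term, and the one-line docblock does not say whether that implicit NULL is the intended "no opinion" answer for the hook. Extend the docblock to state the contract, for example "Returns the term's view access for the current user, or NULL for other entity types", or end the function with an explicit `return NULL;`. `$field` and `$file` are never read, so the decision rests on `$entity->access('view')` alone. Presumably the caller enforces field-level access; a comment saying so would stop a later reader from assuming this hook covers it. The type check can use strict comparison: `if ($entity->entityType() === 'taxonomy_term') {`.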